tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-31 01:34:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

security: Guard configuring roles

Browse Source
This commit is contained in:
Eric Lippmann 2015-02-02 13:30:52 +01:00
parent 53e7b44308
commit 7a81133ad3
1 changed files with 46 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
application/controllers/RolesController.php
View File

@ -1,6 +1,4 @@
<?php <?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Forms\ConfirmRemovalForm; use Icinga\Forms\ConfirmRemovalForm;
@ -9,31 +7,57 @@ use Icinga\Web\Controller\ActionController;
use Icinga\Web\Notification; use Icinga\Web\Notification;
use Icinga\Web\Widget; use Icinga\Web\Widget;
/**
* Roles configuration
*/
class RolesController extends ActionController class RolesController extends ActionController
{ {
/**
* Initialize tabs and validate the user's permissions
*
* @throws \Icinga\Security\SecurityException If the user lacks permissions for configuring roles
*/
public function init() public function init()
{ {
$this->view->tabs = Widget::create('tabs')->add('index', array( $this->assertPermission('system/config/roles');
'title' => $this->translate('Application'), $tabs = $this->getTabs();
'url' => 'config' $auth = $this->Auth();
))->add('authentication', array( if ($auth->hasPermission('system/config/application')) {
'title' => $this->translate('Authentication'), $tabs->add('application', array(
'url' => 'config/authentication' 'title' => $this->translate('Application'),
))->add('resources', array( 'url' => 'config'
'title' => $this->translate('Resources'), ));
'url' => 'config/resource' }
))->add('roles', array( if ($auth->hasPermission('system/config/authentication')) {
$tabs->add('authentication', array(
'title' => $this->translate('Authentication'),
'url' => 'config/authentication'
));
}
if ($auth->hasPermission('system/config/resources')) {
$tabs->add('resource', array(
'title' => $this->translate('Resources'),
'url' => 'config/resource'
));
}
$tabs->add('roles', array(
'title' => $this->translate('Roles'), 'title' => $this->translate('Roles'),
'url' => 'roles' 'url' => 'roles'
)); ));
} }
/**
* List roles
*/
public function indexAction() public function indexAction()
{ {
$this->view->tabs->activate('roles'); $this->view->tabs->activate('roles');
$this->view->roles = Config::app('roles', true); $this->view->roles = Config::app('roles', true);
} }
/**
* Create a new role
*/
public function newAction() public function newAction()
{ {
$role = new RoleForm(array( $role = new RoleForm(array(
@ -61,6 +85,11 @@ class RolesController extends ActionController
$this->view->form = $role; $this->view->form = $role;
} }
/**
* Update a role
*
* @throws Zend_Controller_Action_Exception If the required parameter 'role' is missing or the role does not exist
*/
public function updateAction() public function updateAction()
{ {
$name = $this->_request->getParam('role'); $name = $this->_request->getParam('role');
@ -105,6 +134,11 @@ class RolesController extends ActionController
$this->view->form = $role; $this->view->form = $role;
} }
/**
* Remove a role
*
* @throws Zend_Controller_Action_Exception If the required parameter 'role' is missing or the role does not exist
*/
public function removeAction() public function removeAction()
{ {
$name = $this->_request->getParam('role'); $name = $this->_request->getParam('role');